I'm not sure if this is a good thing or not. It's good that when ppl send infected mails, they get an error, but it would be nice if the error was not "temporary", and informed the sender why he get the error.

SOFTLIMIT is 80MB - should be enough.
If I make clamd run as qscand it dies without any error - even when compiled with -debug.
Temparary I've made qmail-scanner run clamscan insted of clamdscan.

i ran into the same problem again and it was solved the same way (the right way)
since the FAQ on the website i quoted seems to change it's numbers here's a quote that would solve your problem

Quote:

Most likely clamd is not running at all, or you are running Qmail-Scanner and clamd under a different uid. If you are running Qmail-Scanner as qscand (default setting) you could put User qscand inside your clamav.conf file and restart clamd. Remember to check that qscand can create clamd.ctl (usually located at /var/run/clamav/clamd.ctl). The same applies to the log file.
Another possibility is that your softlimit is set too low. Try raising it to 40MB at least.

I've tried this with 3 servers now. The latest server was installed this weekend, and get the same problem every time!
Downgrading to QmS 1.16 seems to be the only way around.

I've tried running clamav as qscand. I've tried to run QmS as clamav. Softlimit is 80MB.
Aparently the only way to make QmS 1.23 work is to make it use clamscan insted of clamdscan, but then some random viruses passes trough undetected!

Clearly I have permission problems.... For the experiment I made clamd run as root - then everything worked!
The FAQ tells to run clamav (/etc/clamav.conf) run as qscand - which user clamav runs as doesn't seem to make any change. It's the user clamd (/etc/clamd.conf) that makes the stuff work.

I upgraded perl on a company server today, so qmail-scanner 1.16 does no longer work. QMS 1.24 works only if clamd is running as ROOT!
Somehow the eicar test virus (testmail #2) passes undetected trough the virus check when clamd is running as root. When running as qscand or clamav, clamd returns the error qouted in previous post when sending testmail #2.
Testmail #3 does get detekted when running as root.

It's started, otherwise it wouldn't helped much to change the user it runs as. As it works great when running as root, I'm sure the problem is related to file premissions. All the files the documentation refers to I've made world writeable, but still I get the permission problem!
Is there any way to log all files a process tries to access, so I could debug this?

As posted - depending on which user it runs as it might drop mails with or withour errors.

Did you ever figure this out petterg? The other admin on my server did a world update and i've been going crazy the last 6 hours trying to get email working. It's running as root now but I'd really like to not have that. Gonna look at it after I get back Sunday but figured I'd ask first.

I've carefully changed the ownership of clamav's run folder and logfolder every time i've changed the username it runs as... to no sucsess.
I've asumed that the folders should be owned by the user clamd is running as. Is that a bad thing?

Here's some steps to reproduce...
1) emerge spamassassin
2) emerge clamav
3) emerge qmail-scanner
4) Spend all day figuring out that clamd and freshclam need to run as user qscand and NOT clamav
(This is something the ebuild maintainers should take care)
5) Change all qmail/spamassassin AND clamav file/directory and ownership to qscand:qscand
(which should be taken care of at the ebuild level.)
6) Find out that it still doesn't work!!!
7) Shoot yourself

What the heck is the fix for this???
it is ***NOT*** permissions or SOFTLIMITs so don't bother suggesting it. Don't believe me?...

And, as an aside: The second worst mistake a programmer can make is to produce
general error messages. (The first being no error messages at all; but general messages
are just about as bad.) Error messages should point out the specific action that
failed and why if at all possible. This general "corrupt or unknown clamd scanner error or
memory/resource/perms problem" is absolutely useless to the point of being frustrating.
I fixed perm problems and I fixed memory problems. What... am I suppose to guess
what I'm suppose to fix next? clamdscan (or whatever program is encountering an
error) should log it and *specifically* tell you what it tried to do and couldn't.

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... 3/4
done!

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin... 4/4

If you have enabled $sa_quarantine, $sa_delete or $sa_reject the
spam-message wont't arrive to the recipients. But if you have enabled
(good idea!) 'minidebug' or 'debug' you should check
/var/spool/qscan/qmail-queue.log (or where ever you have the log).

Done!

Finished test. Now go and check Email sent to postmaster@tough-widgets.com and/or the log..

_________________Harold Naparst

Last edited by hnaparst on Mon Sep 02, 2013 1:03 pm; edited 1 time in total